package edu.cdnu.realm;

import java.util.HashSet;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import edu.cdnu.common.dto.CommonUserDto;
import edu.cdnu.dao.EducationalAdminDao;
import edu.cdnu.dao.StudentDao;
import edu.cdnu.dao.TeacherDao;
import edu.cdnu.pojo.EducationalAdminPojo;
import edu.cdnu.pojo.StudentPojo;
import edu.cdnu.pojo.TeacherPojo;
import edu.cdnu.utils.ResourcesUtil;

public class UserRealm extends AuthorizingRealm {

	@Autowired
	private EducationalAdminDao educationalAdaminDao;
	@Autowired
	private TeacherDao teacherDao;
	@Autowired
	private StudentDao studentDao;
	
	
	/**
	 * 授权
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
		//从数据库加载当前用户的角色，例如：[admin]
		HashSet<String> set=new HashSet<String>();
		set.add("/**");
		authorizationInfo.setRoles(set);
		return authorizationInfo;
	}

	/**
	 * 认证
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		String accountRole=(String)token.getPrincipal();
		//从主体传过来的认证信息中，获得用户名
		String[] accountAndRole=accountRole.split("\\.");
		//由于传过来的是number+role;上面通过.分隔分别赋值到number和role
		String account=accountAndRole[0];
		String roleId=accountAndRole[1];
		//通过用户名到数据库中获取凭证;密码
		Object commonUser=null;
		String password=null;
		
		
		// 判断角色 
		if("1".equals(roleId)) {
			//管理员
			password=new Md5Hash(ResourcesUtil.getValue("admin", account+".password"),account).toString();
			commonUser=new CommonUserDto(-1,"admin","管理员",1);
		}else if("2".equals(roleId)) {
			//教务管理员role--2
			EducationalAdminPojo educationalAdminPojo=educationalAdaminDao.selectEducationalAdminByAccount(account);
			commonUser=educationalAdminPojo;
			password=educationalAdminPojo.getPassword();
		}else if("3".equals(roleId)||"4".equals(account)) {
			//教师role--3;班主任role--4
			TeacherPojo teacherPojo=teacherDao.selectTeacherByAccount(account);
			commonUser=teacherPojo;
			password=teacherPojo.getPassword();
		}else if("5".equals(roleId)) {
			// 学员role--5
			StudentPojo studentPojo=studentDao.selectStudentByAccount(account);
			commonUser=studentPojo;
			password=studentPojo.getPassword();
		}
		
		
		//原来只用number作为用户名现在加上roleId作为username的一部分，以点分隔

		/**
		 * login认证，匹配密码; 前面参数是用户的信息
		 */
		SimpleAuthenticationInfo authenticationInfo=new SimpleAuthenticationInfo(commonUser,password,"userRealm");
		//设置加密的盐，这里使用number作为加密的盐
		authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes(account));
		
		return authenticationInfo;
	}

	
}
